« prev ^ index » next coverage.py v7.2.7, created at 2023-06-06 06:03 +0000
1# -*- coding: utf-8 -*-
2# Copyright 2022 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16from collections import OrderedDict
17import functools
18import re
19from typing import (
20 Dict,
21 Mapping,
22 MutableMapping,
23 MutableSequence,
24 Optional,
25 Sequence,
26 Tuple,
27 Type,
28 Union,
29)
31from google.api_core import exceptions as core_exceptions
32from google.api_core import gapic_v1
33from google.api_core import retry as retries
34from google.api_core.client_options import ClientOptions
35from google.auth import credentials as ga_credentials # type: ignore
36from google.oauth2 import service_account # type: ignore
38from google.cloud.resourcemanager_v3 import gapic_version as package_version
40try:
41 OptionalRetry = Union[retries.Retry, gapic_v1.method._MethodDefault]
42except AttributeError: # pragma: NO COVER
43 OptionalRetry = Union[retries.Retry, object] # type: ignore
45from google.iam.v1 import iam_policy_pb2 # type: ignore
46from google.iam.v1 import policy_pb2 # type: ignore
47from google.longrunning import operations_pb2
48from google.protobuf import timestamp_pb2 # type: ignore
50from google.cloud.resourcemanager_v3.services.organizations import pagers
51from google.cloud.resourcemanager_v3.types import organizations
53from .client import OrganizationsClient
54from .transports.base import DEFAULT_CLIENT_INFO, OrganizationsTransport
55from .transports.grpc_asyncio import OrganizationsGrpcAsyncIOTransport
58class OrganizationsAsyncClient:
59 """Allows users to manage their organization resources."""
61 _client: OrganizationsClient
63 DEFAULT_ENDPOINT = OrganizationsClient.DEFAULT_ENDPOINT
64 DEFAULT_MTLS_ENDPOINT = OrganizationsClient.DEFAULT_MTLS_ENDPOINT
66 organization_path = staticmethod(OrganizationsClient.organization_path)
67 parse_organization_path = staticmethod(OrganizationsClient.parse_organization_path)
68 common_billing_account_path = staticmethod(
69 OrganizationsClient.common_billing_account_path
70 )
71 parse_common_billing_account_path = staticmethod(
72 OrganizationsClient.parse_common_billing_account_path
73 )
74 common_folder_path = staticmethod(OrganizationsClient.common_folder_path)
75 parse_common_folder_path = staticmethod(
76 OrganizationsClient.parse_common_folder_path
77 )
78 common_organization_path = staticmethod(
79 OrganizationsClient.common_organization_path
80 )
81 parse_common_organization_path = staticmethod(
82 OrganizationsClient.parse_common_organization_path
83 )
84 common_project_path = staticmethod(OrganizationsClient.common_project_path)
85 parse_common_project_path = staticmethod(
86 OrganizationsClient.parse_common_project_path
87 )
88 common_location_path = staticmethod(OrganizationsClient.common_location_path)
89 parse_common_location_path = staticmethod(
90 OrganizationsClient.parse_common_location_path
91 )
93 @classmethod
94 def from_service_account_info(cls, info: dict, *args, **kwargs):
95 """Creates an instance of this client using the provided credentials
96 info.
98 Args:
99 info (dict): The service account private key info.
100 args: Additional arguments to pass to the constructor.
101 kwargs: Additional arguments to pass to the constructor.
103 Returns:
104 OrganizationsAsyncClient: The constructed client.
105 """
106 return OrganizationsClient.from_service_account_info.__func__(OrganizationsAsyncClient, info, *args, **kwargs) # type: ignore
108 @classmethod
109 def from_service_account_file(cls, filename: str, *args, **kwargs):
110 """Creates an instance of this client using the provided credentials
111 file.
113 Args:
114 filename (str): The path to the service account private key json
115 file.
116 args: Additional arguments to pass to the constructor.
117 kwargs: Additional arguments to pass to the constructor.
119 Returns:
120 OrganizationsAsyncClient: The constructed client.
121 """
122 return OrganizationsClient.from_service_account_file.__func__(OrganizationsAsyncClient, filename, *args, **kwargs) # type: ignore
124 from_service_account_json = from_service_account_file
126 @classmethod
127 def get_mtls_endpoint_and_cert_source(
128 cls, client_options: Optional[ClientOptions] = None
129 ):
130 """Return the API endpoint and client cert source for mutual TLS.
132 The client cert source is determined in the following order:
133 (1) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is not "true", the
134 client cert source is None.
135 (2) if `client_options.client_cert_source` is provided, use the provided one; if the
136 default client cert source exists, use the default one; otherwise the client cert
137 source is None.
139 The API endpoint is determined in the following order:
140 (1) if `client_options.api_endpoint` if provided, use the provided one.
141 (2) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is "always", use the
142 default mTLS endpoint; if the environment variable is "never", use the default API
143 endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise
144 use the default API endpoint.
146 More details can be found at https://google.aip.dev/auth/4114.
148 Args:
149 client_options (google.api_core.client_options.ClientOptions): Custom options for the
150 client. Only the `api_endpoint` and `client_cert_source` properties may be used
151 in this method.
153 Returns:
154 Tuple[str, Callable[[], Tuple[bytes, bytes]]]: returns the API endpoint and the
155 client cert source to use.
157 Raises:
158 google.auth.exceptions.MutualTLSChannelError: If any errors happen.
159 """
160 return OrganizationsClient.get_mtls_endpoint_and_cert_source(client_options) # type: ignore
162 @property
163 def transport(self) -> OrganizationsTransport:
164 """Returns the transport used by the client instance.
166 Returns:
167 OrganizationsTransport: The transport used by the client instance.
168 """
169 return self._client.transport
171 get_transport_class = functools.partial(
172 type(OrganizationsClient).get_transport_class, type(OrganizationsClient)
173 )
175 def __init__(
176 self,
177 *,
178 credentials: Optional[ga_credentials.Credentials] = None,
179 transport: Union[str, OrganizationsTransport] = "grpc_asyncio",
180 client_options: Optional[ClientOptions] = None,
181 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
182 ) -> None:
183 """Instantiates the organizations client.
185 Args:
186 credentials (Optional[google.auth.credentials.Credentials]): The
187 authorization credentials to attach to requests. These
188 credentials identify the application to the service; if none
189 are specified, the client will attempt to ascertain the
190 credentials from the environment.
191 transport (Union[str, ~.OrganizationsTransport]): The
192 transport to use. If set to None, a transport is chosen
193 automatically.
194 client_options (ClientOptions): Custom options for the client. It
195 won't take effect if a ``transport`` instance is provided.
196 (1) The ``api_endpoint`` property can be used to override the
197 default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT
198 environment variable can also be used to override the endpoint:
199 "always" (always use the default mTLS endpoint), "never" (always
200 use the default regular endpoint) and "auto" (auto switch to the
201 default mTLS endpoint if client certificate is present, this is
202 the default value). However, the ``api_endpoint`` property takes
203 precedence if provided.
204 (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable
205 is "true", then the ``client_cert_source`` property can be used
206 to provide client certificate for mutual TLS transport. If
207 not provided, the default SSL client certificate will be used if
208 present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not
209 set, no client certificate will be used.
211 Raises:
212 google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
213 creation failed for any reason.
214 """
215 self._client = OrganizationsClient(
216 credentials=credentials,
217 transport=transport,
218 client_options=client_options,
219 client_info=client_info,
220 )
222 async def get_organization(
223 self,
224 request: Optional[Union[organizations.GetOrganizationRequest, dict]] = None,
225 *,
226 name: Optional[str] = None,
227 retry: OptionalRetry = gapic_v1.method.DEFAULT,
228 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
229 metadata: Sequence[Tuple[str, str]] = (),
230 ) -> organizations.Organization:
231 r"""Fetches an organization resource identified by the
232 specified resource name.
234 .. code-block:: python
236 # This snippet has been automatically generated and should be regarded as a
237 # code template only.
238 # It will require modifications to work:
239 # - It may require correct/in-range values for request initialization.
240 # - It may require specifying regional endpoints when creating the service
241 # client as shown in:
242 # https://googleapis.dev/python/google-api-core/latest/client_options.html
243 from google.cloud import resourcemanager_v3
245 async def sample_get_organization():
246 # Create a client
247 client = resourcemanager_v3.OrganizationsAsyncClient()
249 # Initialize request argument(s)
250 request = resourcemanager_v3.GetOrganizationRequest(
251 name="name_value",
252 )
254 # Make the request
255 response = await client.get_organization(request=request)
257 # Handle the response
258 print(response)
260 Args:
261 request (Optional[Union[google.cloud.resourcemanager_v3.types.GetOrganizationRequest, dict]]):
262 The request object. The request sent to the ``GetOrganization`` method. The
263 ``name`` field is required. ``organization_id`` is no
264 longer accepted.
265 name (:class:`str`):
266 Required. The resource name of the Organization to
267 fetch. This is the organization's relative path in the
268 API, formatted as "organizations/[organizationId]". For
269 example, "organizations/1234".
271 This corresponds to the ``name`` field
272 on the ``request`` instance; if ``request`` is provided, this
273 should not be set.
274 retry (google.api_core.retry.Retry): Designation of what errors, if any,
275 should be retried.
276 timeout (float): The timeout for this request.
277 metadata (Sequence[Tuple[str, str]]): Strings which should be
278 sent along with the request as metadata.
280 Returns:
281 google.cloud.resourcemanager_v3.types.Organization:
282 The root node in the resource
283 hierarchy to which a particular entity's
284 (a company, for example) resources
285 belong.
287 """
288 # Create or coerce a protobuf request object.
289 # Quick check: If we got a request object, we should *not* have
290 # gotten any keyword arguments that map to the request.
291 has_flattened_params = any([name])
292 if request is not None and has_flattened_params:
293 raise ValueError(
294 "If the `request` argument is set, then none of "
295 "the individual field arguments should be set."
296 )
298 request = organizations.GetOrganizationRequest(request)
300 # If we have keyword arguments corresponding to fields on the
301 # request, apply these.
302 if name is not None:
303 request.name = name
305 # Wrap the RPC method; this adds retry and timeout information,
306 # and friendly error handling.
307 rpc = gapic_v1.method_async.wrap_method(
308 self._client._transport.get_organization,
309 default_retry=retries.Retry(
310 initial=0.1,
311 maximum=60.0,
312 multiplier=1.3,
313 predicate=retries.if_exception_type(
314 core_exceptions.ServiceUnavailable,
315 ),
316 deadline=60.0,
317 ),
318 default_timeout=60.0,
319 client_info=DEFAULT_CLIENT_INFO,
320 )
322 # Certain fields should be provided within the metadata header;
323 # add these here.
324 metadata = tuple(metadata) + (
325 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
326 )
328 # Send the request.
329 response = await rpc(
330 request,
331 retry=retry,
332 timeout=timeout,
333 metadata=metadata,
334 )
336 # Done; return the response.
337 return response
339 async def search_organizations(
340 self,
341 request: Optional[Union[organizations.SearchOrganizationsRequest, dict]] = None,
342 *,
343 query: Optional[str] = None,
344 retry: OptionalRetry = gapic_v1.method.DEFAULT,
345 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
346 metadata: Sequence[Tuple[str, str]] = (),
347 ) -> pagers.SearchOrganizationsAsyncPager:
348 r"""Searches organization resources that are visible to the user and
349 satisfy the specified filter. This method returns organizations
350 in an unspecified order. New organizations do not necessarily
351 appear at the end of the results, and may take a small amount of
352 time to appear.
354 Search will only return organizations on which the user has the
355 permission ``resourcemanager.organizations.get``
357 .. code-block:: python
359 # This snippet has been automatically generated and should be regarded as a
360 # code template only.
361 # It will require modifications to work:
362 # - It may require correct/in-range values for request initialization.
363 # - It may require specifying regional endpoints when creating the service
364 # client as shown in:
365 # https://googleapis.dev/python/google-api-core/latest/client_options.html
366 from google.cloud import resourcemanager_v3
368 async def sample_search_organizations():
369 # Create a client
370 client = resourcemanager_v3.OrganizationsAsyncClient()
372 # Initialize request argument(s)
373 request = resourcemanager_v3.SearchOrganizationsRequest(
374 )
376 # Make the request
377 page_result = client.search_organizations(request=request)
379 # Handle the response
380 async for response in page_result:
381 print(response)
383 Args:
384 request (Optional[Union[google.cloud.resourcemanager_v3.types.SearchOrganizationsRequest, dict]]):
385 The request object. The request sent to the ``SearchOrganizations`` method.
386 query (:class:`str`):
387 Optional. An optional query string used to filter the
388 Organizations to return in the response. Query rules are
389 case-insensitive.
391 ::
393 | Field | Description |
394 |------------------|--------------------------------------------|
395 | directoryCustomerId, owner.directoryCustomerId | Filters by directory
396 customer id. |
397 | domain | Filters by domain. |
399 Organizations may be queried by ``directoryCustomerId``
400 or by ``domain``, where the domain is a G Suite domain,
401 for example:
403 - Query ``directorycustomerid:123456789`` returns
404 Organization resources with
405 ``owner.directory_customer_id`` equal to
406 ``123456789``.
407 - Query ``domain:google.com`` returns Organization
408 resources corresponding to the domain ``google.com``.
410 This corresponds to the ``query`` field
411 on the ``request`` instance; if ``request`` is provided, this
412 should not be set.
413 retry (google.api_core.retry.Retry): Designation of what errors, if any,
414 should be retried.
415 timeout (float): The timeout for this request.
416 metadata (Sequence[Tuple[str, str]]): Strings which should be
417 sent along with the request as metadata.
419 Returns:
420 google.cloud.resourcemanager_v3.services.organizations.pagers.SearchOrganizationsAsyncPager:
421 The response returned from the SearchOrganizations
422 method.
424 Iterating over this object will yield results and
425 resolve additional pages automatically.
427 """
428 # Create or coerce a protobuf request object.
429 # Quick check: If we got a request object, we should *not* have
430 # gotten any keyword arguments that map to the request.
431 has_flattened_params = any([query])
432 if request is not None and has_flattened_params:
433 raise ValueError(
434 "If the `request` argument is set, then none of "
435 "the individual field arguments should be set."
436 )
438 request = organizations.SearchOrganizationsRequest(request)
440 # If we have keyword arguments corresponding to fields on the
441 # request, apply these.
442 if query is not None:
443 request.query = query
445 # Wrap the RPC method; this adds retry and timeout information,
446 # and friendly error handling.
447 rpc = gapic_v1.method_async.wrap_method(
448 self._client._transport.search_organizations,
449 default_timeout=60.0,
450 client_info=DEFAULT_CLIENT_INFO,
451 )
453 # Send the request.
454 response = await rpc(
455 request,
456 retry=retry,
457 timeout=timeout,
458 metadata=metadata,
459 )
461 # This method is paged; wrap the response in a pager, which provides
462 # an `__aiter__` convenience method.
463 response = pagers.SearchOrganizationsAsyncPager(
464 method=rpc,
465 request=request,
466 response=response,
467 metadata=metadata,
468 )
470 # Done; return the response.
471 return response
473 async def get_iam_policy(
474 self,
475 request: Optional[Union[iam_policy_pb2.GetIamPolicyRequest, dict]] = None,
476 *,
477 resource: Optional[str] = None,
478 retry: OptionalRetry = gapic_v1.method.DEFAULT,
479 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
480 metadata: Sequence[Tuple[str, str]] = (),
481 ) -> policy_pb2.Policy:
482 r"""Gets the access control policy for an organization resource. The
483 policy may be empty if no such policy or resource exists. The
484 ``resource`` field should be the organization's resource name,
485 for example: "organizations/123".
487 Authorization requires the IAM permission
488 ``resourcemanager.organizations.getIamPolicy`` on the specified
489 organization.
491 .. code-block:: python
493 # This snippet has been automatically generated and should be regarded as a
494 # code template only.
495 # It will require modifications to work:
496 # - It may require correct/in-range values for request initialization.
497 # - It may require specifying regional endpoints when creating the service
498 # client as shown in:
499 # https://googleapis.dev/python/google-api-core/latest/client_options.html
500 from google.cloud import resourcemanager_v3
501 from google.iam.v1 import iam_policy_pb2 # type: ignore
503 async def sample_get_iam_policy():
504 # Create a client
505 client = resourcemanager_v3.OrganizationsAsyncClient()
507 # Initialize request argument(s)
508 request = iam_policy_pb2.GetIamPolicyRequest(
509 resource="resource_value",
510 )
512 # Make the request
513 response = await client.get_iam_policy(request=request)
515 # Handle the response
516 print(response)
518 Args:
519 request (Optional[Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]]):
520 The request object. Request message for ``GetIamPolicy`` method.
521 resource (:class:`str`):
522 REQUIRED: The resource for which the
523 policy is being requested. See the
524 operation documentation for the
525 appropriate value for this field.
527 This corresponds to the ``resource`` field
528 on the ``request`` instance; if ``request`` is provided, this
529 should not be set.
530 retry (google.api_core.retry.Retry): Designation of what errors, if any,
531 should be retried.
532 timeout (float): The timeout for this request.
533 metadata (Sequence[Tuple[str, str]]): Strings which should be
534 sent along with the request as metadata.
536 Returns:
537 google.iam.v1.policy_pb2.Policy:
538 An Identity and Access Management (IAM) policy, which specifies access
539 controls for Google Cloud resources.
541 A Policy is a collection of bindings. A binding binds
542 one or more members, or principals, to a single role.
543 Principals can be user accounts, service accounts,
544 Google groups, and domains (such as G Suite). A role
545 is a named list of permissions; each role can be an
546 IAM predefined role or a user-created custom role.
548 For some types of Google Cloud resources, a binding
549 can also specify a condition, which is a logical
550 expression that allows access to a resource only if
551 the expression evaluates to true. A condition can add
552 constraints based on attributes of the request, the
553 resource, or both. To learn which resources support
554 conditions in their IAM policies, see the [IAM
555 documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
557 **JSON example:**
559 {
560 "bindings": [
561 {
562 "role":
563 "roles/resourcemanager.organizationAdmin",
564 "members": [ "user:mike@example.com",
565 "group:admins@example.com",
566 "domain:google.com",
567 "serviceAccount:my-project-id@appspot.gserviceaccount.com"
568 ]
570 }, { "role":
571 "roles/resourcemanager.organizationViewer",
572 "members": [ "user:eve@example.com" ],
573 "condition": { "title": "expirable access",
574 "description": "Does not grant access after
575 Sep 2020", "expression": "request.time <
576 timestamp('2020-10-01T00:00:00.000Z')", } }
578 ], "etag": "BwWWja0YfJA=", "version": 3
580 }
582 **YAML example:**
584 bindings: - members: - user:\ mike@example.com -
585 group:\ admins@example.com - domain:google.com -
586 serviceAccount:\ my-project-id@appspot.gserviceaccount.com
587 role: roles/resourcemanager.organizationAdmin -
588 members: - user:\ eve@example.com role:
589 roles/resourcemanager.organizationViewer
590 condition: title: expirable access description:
591 Does not grant access after Sep 2020 expression:
592 request.time <
593 timestamp('2020-10-01T00:00:00.000Z') etag:
594 BwWWja0YfJA= version: 3
596 For a description of IAM and its features, see the
597 [IAM
598 documentation](\ https://cloud.google.com/iam/docs/).
600 """
601 # Create or coerce a protobuf request object.
602 # Quick check: If we got a request object, we should *not* have
603 # gotten any keyword arguments that map to the request.
604 has_flattened_params = any([resource])
605 if request is not None and has_flattened_params:
606 raise ValueError(
607 "If the `request` argument is set, then none of "
608 "the individual field arguments should be set."
609 )
611 # The request isn't a proto-plus wrapped type,
612 # so it must be constructed via keyword expansion.
613 if isinstance(request, dict):
614 request = iam_policy_pb2.GetIamPolicyRequest(**request)
615 elif not request:
616 request = iam_policy_pb2.GetIamPolicyRequest(
617 resource=resource,
618 )
620 # Wrap the RPC method; this adds retry and timeout information,
621 # and friendly error handling.
622 rpc = gapic_v1.method_async.wrap_method(
623 self._client._transport.get_iam_policy,
624 default_retry=retries.Retry(
625 initial=0.1,
626 maximum=60.0,
627 multiplier=1.3,
628 predicate=retries.if_exception_type(
629 core_exceptions.ServiceUnavailable,
630 ),
631 deadline=60.0,
632 ),
633 default_timeout=60.0,
634 client_info=DEFAULT_CLIENT_INFO,
635 )
637 # Certain fields should be provided within the metadata header;
638 # add these here.
639 metadata = tuple(metadata) + (
640 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)),
641 )
643 # Send the request.
644 response = await rpc(
645 request,
646 retry=retry,
647 timeout=timeout,
648 metadata=metadata,
649 )
651 # Done; return the response.
652 return response
654 async def set_iam_policy(
655 self,
656 request: Optional[Union[iam_policy_pb2.SetIamPolicyRequest, dict]] = None,
657 *,
658 resource: Optional[str] = None,
659 retry: OptionalRetry = gapic_v1.method.DEFAULT,
660 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
661 metadata: Sequence[Tuple[str, str]] = (),
662 ) -> policy_pb2.Policy:
663 r"""Sets the access control policy on an organization resource.
664 Replaces any existing policy. The ``resource`` field should be
665 the organization's resource name, for example:
666 "organizations/123".
668 Authorization requires the IAM permission
669 ``resourcemanager.organizations.setIamPolicy`` on the specified
670 organization.
672 .. code-block:: python
674 # This snippet has been automatically generated and should be regarded as a
675 # code template only.
676 # It will require modifications to work:
677 # - It may require correct/in-range values for request initialization.
678 # - It may require specifying regional endpoints when creating the service
679 # client as shown in:
680 # https://googleapis.dev/python/google-api-core/latest/client_options.html
681 from google.cloud import resourcemanager_v3
682 from google.iam.v1 import iam_policy_pb2 # type: ignore
684 async def sample_set_iam_policy():
685 # Create a client
686 client = resourcemanager_v3.OrganizationsAsyncClient()
688 # Initialize request argument(s)
689 request = iam_policy_pb2.SetIamPolicyRequest(
690 resource="resource_value",
691 )
693 # Make the request
694 response = await client.set_iam_policy(request=request)
696 # Handle the response
697 print(response)
699 Args:
700 request (Optional[Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]]):
701 The request object. Request message for ``SetIamPolicy`` method.
702 resource (:class:`str`):
703 REQUIRED: The resource for which the
704 policy is being specified. See the
705 operation documentation for the
706 appropriate value for this field.
708 This corresponds to the ``resource`` field
709 on the ``request`` instance; if ``request`` is provided, this
710 should not be set.
711 retry (google.api_core.retry.Retry): Designation of what errors, if any,
712 should be retried.
713 timeout (float): The timeout for this request.
714 metadata (Sequence[Tuple[str, str]]): Strings which should be
715 sent along with the request as metadata.
717 Returns:
718 google.iam.v1.policy_pb2.Policy:
719 An Identity and Access Management (IAM) policy, which specifies access
720 controls for Google Cloud resources.
722 A Policy is a collection of bindings. A binding binds
723 one or more members, or principals, to a single role.
724 Principals can be user accounts, service accounts,
725 Google groups, and domains (such as G Suite). A role
726 is a named list of permissions; each role can be an
727 IAM predefined role or a user-created custom role.
729 For some types of Google Cloud resources, a binding
730 can also specify a condition, which is a logical
731 expression that allows access to a resource only if
732 the expression evaluates to true. A condition can add
733 constraints based on attributes of the request, the
734 resource, or both. To learn which resources support
735 conditions in their IAM policies, see the [IAM
736 documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
738 **JSON example:**
740 {
741 "bindings": [
742 {
743 "role":
744 "roles/resourcemanager.organizationAdmin",
745 "members": [ "user:mike@example.com",
746 "group:admins@example.com",
747 "domain:google.com",
748 "serviceAccount:my-project-id@appspot.gserviceaccount.com"
749 ]
751 }, { "role":
752 "roles/resourcemanager.organizationViewer",
753 "members": [ "user:eve@example.com" ],
754 "condition": { "title": "expirable access",
755 "description": "Does not grant access after
756 Sep 2020", "expression": "request.time <
757 timestamp('2020-10-01T00:00:00.000Z')", } }
759 ], "etag": "BwWWja0YfJA=", "version": 3
761 }
763 **YAML example:**
765 bindings: - members: - user:\ mike@example.com -
766 group:\ admins@example.com - domain:google.com -
767 serviceAccount:\ my-project-id@appspot.gserviceaccount.com
768 role: roles/resourcemanager.organizationAdmin -
769 members: - user:\ eve@example.com role:
770 roles/resourcemanager.organizationViewer
771 condition: title: expirable access description:
772 Does not grant access after Sep 2020 expression:
773 request.time <
774 timestamp('2020-10-01T00:00:00.000Z') etag:
775 BwWWja0YfJA= version: 3
777 For a description of IAM and its features, see the
778 [IAM
779 documentation](\ https://cloud.google.com/iam/docs/).
781 """
782 # Create or coerce a protobuf request object.
783 # Quick check: If we got a request object, we should *not* have
784 # gotten any keyword arguments that map to the request.
785 has_flattened_params = any([resource])
786 if request is not None and has_flattened_params:
787 raise ValueError(
788 "If the `request` argument is set, then none of "
789 "the individual field arguments should be set."
790 )
792 # The request isn't a proto-plus wrapped type,
793 # so it must be constructed via keyword expansion.
794 if isinstance(request, dict):
795 request = iam_policy_pb2.SetIamPolicyRequest(**request)
796 elif not request:
797 request = iam_policy_pb2.SetIamPolicyRequest(
798 resource=resource,
799 )
801 # Wrap the RPC method; this adds retry and timeout information,
802 # and friendly error handling.
803 rpc = gapic_v1.method_async.wrap_method(
804 self._client._transport.set_iam_policy,
805 default_timeout=60.0,
806 client_info=DEFAULT_CLIENT_INFO,
807 )
809 # Certain fields should be provided within the metadata header;
810 # add these here.
811 metadata = tuple(metadata) + (
812 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)),
813 )
815 # Send the request.
816 response = await rpc(
817 request,
818 retry=retry,
819 timeout=timeout,
820 metadata=metadata,
821 )
823 # Done; return the response.
824 return response
826 async def test_iam_permissions(
827 self,
828 request: Optional[Union[iam_policy_pb2.TestIamPermissionsRequest, dict]] = None,
829 *,
830 resource: Optional[str] = None,
831 permissions: Optional[MutableSequence[str]] = None,
832 retry: OptionalRetry = gapic_v1.method.DEFAULT,
833 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
834 metadata: Sequence[Tuple[str, str]] = (),
835 ) -> iam_policy_pb2.TestIamPermissionsResponse:
836 r"""Returns the permissions that a caller has on the specified
837 organization. The ``resource`` field should be the
838 organization's resource name, for example: "organizations/123".
840 There are no permissions required for making this API call.
842 .. code-block:: python
844 # This snippet has been automatically generated and should be regarded as a
845 # code template only.
846 # It will require modifications to work:
847 # - It may require correct/in-range values for request initialization.
848 # - It may require specifying regional endpoints when creating the service
849 # client as shown in:
850 # https://googleapis.dev/python/google-api-core/latest/client_options.html
851 from google.cloud import resourcemanager_v3
852 from google.iam.v1 import iam_policy_pb2 # type: ignore
854 async def sample_test_iam_permissions():
855 # Create a client
856 client = resourcemanager_v3.OrganizationsAsyncClient()
858 # Initialize request argument(s)
859 request = iam_policy_pb2.TestIamPermissionsRequest(
860 resource="resource_value",
861 permissions=['permissions_value1', 'permissions_value2'],
862 )
864 # Make the request
865 response = await client.test_iam_permissions(request=request)
867 # Handle the response
868 print(response)
870 Args:
871 request (Optional[Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]]):
872 The request object. Request message for ``TestIamPermissions`` method.
873 resource (:class:`str`):
874 REQUIRED: The resource for which the
875 policy detail is being requested. See
876 the operation documentation for the
877 appropriate value for this field.
879 This corresponds to the ``resource`` field
880 on the ``request`` instance; if ``request`` is provided, this
881 should not be set.
882 permissions (:class:`MutableSequence[str]`):
883 The set of permissions to check for the ``resource``.
884 Permissions with wildcards (such as '*' or 'storage.*')
885 are not allowed. For more information see `IAM
886 Overview <https://cloud.google.com/iam/docs/overview#permissions>`__.
888 This corresponds to the ``permissions`` field
889 on the ``request`` instance; if ``request`` is provided, this
890 should not be set.
891 retry (google.api_core.retry.Retry): Designation of what errors, if any,
892 should be retried.
893 timeout (float): The timeout for this request.
894 metadata (Sequence[Tuple[str, str]]): Strings which should be
895 sent along with the request as metadata.
897 Returns:
898 google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse:
899 Response message for TestIamPermissions method.
900 """
901 # Create or coerce a protobuf request object.
902 # Quick check: If we got a request object, we should *not* have
903 # gotten any keyword arguments that map to the request.
904 has_flattened_params = any([resource, permissions])
905 if request is not None and has_flattened_params:
906 raise ValueError(
907 "If the `request` argument is set, then none of "
908 "the individual field arguments should be set."
909 )
911 # The request isn't a proto-plus wrapped type,
912 # so it must be constructed via keyword expansion.
913 if isinstance(request, dict):
914 request = iam_policy_pb2.TestIamPermissionsRequest(**request)
915 elif not request:
916 request = iam_policy_pb2.TestIamPermissionsRequest(
917 resource=resource,
918 permissions=permissions,
919 )
921 # Wrap the RPC method; this adds retry and timeout information,
922 # and friendly error handling.
923 rpc = gapic_v1.method_async.wrap_method(
924 self._client._transport.test_iam_permissions,
925 default_timeout=None,
926 client_info=DEFAULT_CLIENT_INFO,
927 )
929 # Certain fields should be provided within the metadata header;
930 # add these here.
931 metadata = tuple(metadata) + (
932 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)),
933 )
935 # Send the request.
936 response = await rpc(
937 request,
938 retry=retry,
939 timeout=timeout,
940 metadata=metadata,
941 )
943 # Done; return the response.
944 return response
946 async def get_operation(
947 self,
948 request: Optional[operations_pb2.GetOperationRequest] = None,
949 *,
950 retry: OptionalRetry = gapic_v1.method.DEFAULT,
951 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
952 metadata: Sequence[Tuple[str, str]] = (),
953 ) -> operations_pb2.Operation:
954 r"""Gets the latest state of a long-running operation.
956 Args:
957 request (:class:`~.operations_pb2.GetOperationRequest`):
958 The request object. Request message for
959 `GetOperation` method.
960 retry (google.api_core.retry.Retry): Designation of what errors,
961 if any, should be retried.
962 timeout (float): The timeout for this request.
963 metadata (Sequence[Tuple[str, str]]): Strings which should be
964 sent along with the request as metadata.
965 Returns:
966 ~.operations_pb2.Operation:
967 An ``Operation`` object.
968 """
969 # Create or coerce a protobuf request object.
970 # The request isn't a proto-plus wrapped type,
971 # so it must be constructed via keyword expansion.
972 if isinstance(request, dict):
973 request = operations_pb2.GetOperationRequest(**request)
975 # Wrap the RPC method; this adds retry and timeout information,
976 # and friendly error handling.
977 rpc = gapic_v1.method.wrap_method(
978 self._client._transport.get_operation,
979 default_timeout=None,
980 client_info=DEFAULT_CLIENT_INFO,
981 )
983 # Certain fields should be provided within the metadata header;
984 # add these here.
985 metadata = tuple(metadata) + (
986 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
987 )
989 # Send the request.
990 response = await rpc(
991 request,
992 retry=retry,
993 timeout=timeout,
994 metadata=metadata,
995 )
997 # Done; return the response.
998 return response
1000 async def __aenter__(self):
1001 return self
1003 async def __aexit__(self, exc_type, exc, tb):
1004 await self.transport.close()
1007DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(
1008 gapic_version=package_version.__version__
1009)
1012__all__ = ("OrganizationsAsyncClient",)